Security News > 2023 > February > GoAnywhere MFT zero-day vulnerability lets hackers breach servers

GoAnywhere MFT zero-day vulnerability lets hackers breach servers
2023-02-03 16:39

The developers of the GoAnywhere MFT file transfer solution are warning customers of zero-day remote code execution vulnerability on exposed administrator consoles.

GoAnywhere is a secure web file transfer solution that allows companies to securely transfer encrypted files with their partners while keeping detailed audit logs of who accessed the files.

"A Zero-Day Remote Code Injection exploit was identified in GoAnywhere MFT," warns the GoAnywhere security advisory.

On the file system where GoAnywhere MFT is installed, edit the file " /adminroot/WEB INF/web.

BleepingComputer has identified local governments, healthcare companies, banks, energy firms, financial services companies, museums, and computer part manufacturers utilizing the GoAnywhere file transfer solution.

Even a single breach leveraging GoAnywhere MFT's zero-day flaw could leak sensitive information that could be used for extortion.


News URL

https://www.bleepingcomputer.com/news/security/goanywhere-mft-zero-day-vulnerability-lets-hackers-breach-servers/